jonas/tlu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
jonas 2021-10-18 15:00:39 +02:00
parent 3387f1388d
commit e3bae71113
6 changed files with 97 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
salt/states/firewalld/init.sls
View File

@ -9,6 +9,12 @@ Configure wireguard service:
- ports:
- {{ pillar['wireguard']['port'] }}/udp
Configure container registry service:
firewalld.service:
- name: registry
- ports:
- 5000/tcp
Configure firewalld for external interface:
firewalld.present:
- name: external
@ -45,6 +51,7 @@ Configure firewalld for internal network:
- https
- dns
- ntp
- registry
Configure firewalld for public networks:
firewalld.present:
@ -74,6 +81,7 @@ Configure firewalld for public networks:
- https
- dns
- ntp
- registry
Configure firewalld for airgap networks:
@ -104,6 +112,7 @@ Configure firewalld for airgap networks:
- https
- dns
- ntp
- registry
Add forwarding on Internal zone:
cmd.run:

7
salt/states/pxe/harvester/files/harvester.cfg.jinja
View File

@ -2,12 +2,13 @@
set menu_color_normal=white/black
set menu_color_highlight=white/green
menuentry 'TLU Harvester {{ pillar['harvester']['version'] }} node1' --class os {
linux harvester-v{{ pillar['harvester']['version'] }}-vmlinuz-amd64 nomodeset initrd=harvester-v{{ pillar['harvester']['version'] }}-initrd-amd64 ip=dhcp net.ifnames=1 rd.cos.disable rd.noverifyssl console=tty1 root=live:http://{{ pillar['network']['ip'] }}/harvester/harvester-v{{ pillar['harvester']['version'] }}-rootfs-amd64.squashfs harvester.install.automatic=true harvester.install.config_url=http://{{ pillar['network']['ip'] }}/harvester/node1.yaml
{% for node in ['node1', 'node2', 'node3'] -%}
menuentry 'TLU Harvester {{ pillar['harvester']['version'] }} {{ node }}' --class os {
linux harvester-v{{ pillar['harvester']['version'] }}-vmlinuz-amd64 nomodeset initrd=harvester-v{{ pillar['harvester']['version'] }}-initrd-amd64 ip=dhcp net.ifnames=1 rd.cos.disable rd.noverifyssl console=tty1 root=live:http://{{ pillar['network']['ip'] }}/harvester/harvester-v{{ pillar['harvester']['version'] }}-rootfs-amd64.squashfs harvester.install.automatic=true harvester.install.config_url=http://{{ pillar['network']['ip'] }}/harvester/{{ node }}.yaml
initrd harvester-v{{ pillar['harvester']['version'] }}-initrd-amd64
boot
}
{% endfor %}
{% for item in pillar['pxe']['harvester'] -%}
menuentry 'Harvester {{ item['version'] }}' --class os {

12
salt/states/pxe/harvester/files/node1.yaml.jinja
View File

@ -1,13 +1,23 @@
token: {{ pillar['harvester']['token'] }}
os:
ssh_authorized_keys: {{ pillar['harvester']['os']['ssh_authorized_keys'] }}
nostname: node1
hostname: node1
password: {{ pillar['harvester']['os']['password'] }}
dns_nameservers:
- {{ pillar['network']['ip'] }}
password: {{ pillar['harvester']['os']['password'] }}
ntp_servers:
- {{ pillar['network']['ip'] }}
write_files:
- path: /etc/rancher/rke2/registries.yaml
- owner: 'root:root'
- permissions: '0600'
- content: |
mirrors:
docker.io:
endpoint:
- "http://{{ pillar['network']['ip'] }}:5000"
install:
mode: create
networks:

34
salt/states/pxe/harvester/files/node2.yaml.jinja Normal file
View File

@ -0,0 +1,34 @@
server_url: https://harvester.{{ pillar['network']['domain'] }}:8443
token: {{ pillar['harvester']['token'] }}
os:
ssh_authorized_keys: {{ pillar['harvester']['os']['ssh_authorized_keys'] }}
hostname: node2
password: {{ pillar['harvester']['os']['password'] }}
dns_nameservers:
- {{ pillar['network']['ip'] }}
password: {{ pillar['harvester']['os']['password'] }}
ntp_servers:
- {{ pillar['network']['ip'] }}
write_files:
- path: /etc/rancher/rke2/registries.yaml
- owner: 'root:root'
- permissions: '0600'
- content: |
mirrors:
docker.io:
endpoint:
- "http://{{ pillar['network']['ip'] }}:5000"
install:
mode: join
networks:
harvester-mgmt:
interfaces:
- name: {{ pillar['harvester']['install']['mgmt-interface'] }}
method: static
ip: {{ pillar['network']['ip'][0:-1] }}{{ pillar['network']['hosts']['node2'] }}
subnet_mask: 255.255.255.0
gateway: {{ pillar['network']['ip'] }}
default_route: true
device: {{ pillar['harvester']['device'] }}
iso_url: http://{{ pillar['network']['ip'] }}/harvester/harvester-v{{ pillar['harvester']['version'] }}-amd64.iso

34
salt/states/pxe/harvester/files/node3.yaml.jinja Normal file
View File

@ -0,0 +1,34 @@
server_url: https://harvester.{{ pillar['network']['domain'] }}:8443
token: {{ pillar['harvester']['token'] }}
os:
ssh_authorized_keys: {{ pillar['harvester']['os']['ssh_authorized_keys'] }}
hostname: node3
password: {{ pillar['harvester']['os']['password'] }}
dns_nameservers:
- {{ pillar['network']['ip'] }}
password: {{ pillar['harvester']['os']['password'] }}
ntp_servers:
- {{ pillar['network']['ip'] }}
write_files:
- path: /etc/rancher/rke2/registries.yaml
- owner: 'root:root'
- permissions: '0600'
- content: |
mirrors:
docker.io:
endpoint:
- "http://{{ pillar['network']['ip'] }}:5000"
install:
mode: join
networks:
harvester-mgmt:
interfaces:
- name: {{ pillar['harvester']['install']['mgmt-interface'] }}
method: static
ip: {{ pillar['network']['ip'][0:-1] }}{{ pillar['network']['hosts']['node3'] }}
subnet_mask: 255.255.255.0
gateway: {{ pillar['network']['ip'] }}
default_route: true
device: {{ pillar['harvester']['device'] }}
iso_url: http://{{ pillar['network']['ip'] }}/harvester/harvester-v{{ pillar['harvester']['version'] }}-amd64.iso

8
salt/states/pxe/harvester/init.sls
View File

@ -46,11 +46,13 @@ Update harvester grub file:
- group: root
- mode: "0644"
Create tlu harvester cluster yaml for node1:
{% for node in ['node1', 'node2', 'node3'] -%}
Create tlu harvester cluster yaml for {{ node }}:
file.managed:
- name: /srv/www/htdocs/harvester/node1.yaml
- source: salt://pxe/harvester/files/node1.yaml.jinja
- name: /srv/www/htdocs/harvester/{{ node }}.yaml
- source: salt://pxe/harvester/files/{{ node }}.yaml.jinja
- template: jinja
- user: root
- group: root
- mode: "0644"
{% endfor %}